CVE-2025-37818

Source
https://cve.org/CVERecord?id=CVE-2025-37818
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37818.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-37818
Published
2025-05-08T06:26:13.322Z
Modified
2026-05-15T11:53:21.929763964Z
Summary
LoongArch: Return NULL from huge_pte_offset() for invalid PMD
Details

In the Linux kernel, the following vulnerability has been resolved:

LoongArch: Return NULL from huge_pte_offset() for invalid PMD

LoongArch's huge_pte_offset() currently returns a pointer to a PMD slot even if the underlying entry points to invalid_pte_table (indicating no mapping). Callers like smaps_hugetlb_range() fetch this invalid entry value (the address of invalid_pte_table) via this pointer.

The generic is_swap_pte() check then incorrectly identifies this address as a swap entry on LoongArch, because it satisfies the "!pte_present() && !pte_none()" conditions. This misinterpretation, combined with a coincidental match by is_migration_entry() on the address bits, leads to kernel crashes in pfn_swap_entry_to_page().

Fix this at the architecture level by modifying huge_pte_offset() to check the PMD entry's content using pmd_none() before returning. If the entry is invalid (i.e., it points to invalid_pte_table), return NULL instead of the pointer to the slot.
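
The misclassification described above, as an added user-space model; it is not kernel code and not taken from the fix commit. The model_* helpers, the huge_pte_offset_before/huge_pte_offset_after pair, the PRESENT bit value and the sample entries are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model; the PRESENT bit value is constructed for this example. */
#define MODEL_PRESENT 0x1UL
typedef uintptr_t entry_t;

/* Stand-in for the kernel's invalid_pte_table (word-aligned, so address bit 0 is clear). */
static entry_t invalid_pte_table[512];

static bool model_pte_present(entry_t e) { return (e & MODEL_PRESENT) != 0; }
static bool model_pte_none(entry_t e)    { return e == 0; }
/* Generic test quoted in the advisory: !pte_present() && !pte_none(). */
static bool model_is_swap_pte(entry_t e) { return !model_pte_present(e) && !model_pte_none(e); }
/* An empty PMD slot holds the address of invalid_pte_table, not zero. */
static bool model_pmd_none(entry_t e)    { return e == (entry_t)invalid_pte_table; }

/* Before the fix: the slot pointer is returned whatever the slot contains. */
static entry_t *huge_pte_offset_before(entry_t *slot) { return slot; }
/* After the fix: an invalid PMD yields NULL instead of the slot pointer. */
static entry_t *huge_pte_offset_after(entry_t *slot)
{
    return model_pmd_none(*slot) ? NULL : slot;
}

/* Model of a caller: true if it would go on to decode the entry as a swap entry. */
static bool model_walk(entry_t slot_value, bool fixed)
{
    entry_t slot = slot_value;
    entry_t *ptep = fixed ? huge_pte_offset_after(&slot) : huge_pte_offset_before(&slot);
    if (!ptep)
        return false;   /* no mapping: nothing to decode */
    return model_is_swap_pte(*ptep);
}

int main(void)
{
    entry_t empty  = (entry_t)invalid_pte_table;   /* unmapped slot */
    entry_t mapped = 0x200000UL | MODEL_PRESENT;    /* constructed huge-page entry */
    printf("empty slot,  before fix: swap path = %d\n", model_walk(empty, false));
    printf("empty slot,  after fix:  swap path = %d\n", model_walk(empty, true));
    printf("mapped slot, after fix:  swap path = %d\n", model_walk(mapped, true));
    return 0;
}
```

Only the empty slot before the fix reaches the swap-entry path; a mapped entry behaves the same in both versions.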

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/37xxx/CVE-2025-37818.json",
    "cna_assigner": "Linux"
}
Affected packages

Linux / Kernel

Package name: Kernel

Affected ranges

Type       Introduced  Fixed
ECOSYSTEM  5.19.0      6.1.136
ECOSYSTEM  6.2.0       6.6.89
ECOSYSTEM  6.7.0       6.12.26
ECOSYSTEM  6.13.0      6.14.5

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-37818.json"